HACKERS IN ACTION - VIOLATION OF A SERVER
Users usually turn to the Internet to get information and buy products and services. To this end, most organizations have websites. Most websites store valuable information such as credit card numbers, email addresses and passwords, and so on. This has made them targets of attacks. Defaced websites can also be used to communicate religious or political ideologies, and so on.
The majority of web servers on the network use the FTP protocol.
FTP is a way to access and transfer files remotely according to an outdated standard.
Using this communication protocol, you can log on to an FTP server to upload, edit, or download files from a remote computer.
FTP is still used in companies to allow employees to access general files, and by webmasters to manage, upload and modify the files of a website.
An FTP server can also be created to exchange files between computers on the same network, in the office or even at home, but that does not make much sense.
It is much quicker to share files between computers with the simple settings of Windows or other operating systems.
You can also use external programs that synchronize files between computers much more conveniently.
Another way to use FTP is to download any file from the internet (including music and videos) by searching for and connecting to public FTP servers around the world.
An FTP server can be freely accessible from the internet provided you configure appropriate authentication credentials (username and password). Otherwise, the site or the server (and all its folders) may be easily violated.
1) The easiest way to create an FTP server is to use a program that is dated but remains the most widely used: FileZilla.
FileZilla can be downloaded in both a client version and a server version; it is free and open source and is available for Windows, Linux and Mac.
FileZilla supports file transfers via FTP, SFTP, and FTPS (FTP over SSL/TLS).
FileZilla, according to SourceForge statistics, is among the top 10 most downloaded open source programs in the world, in the all-time ranking.
Beyond the fact that thousands of guides can be found on the internet, it is very easy to use and also supports dragging files.
A portable version of FileZilla can be downloaded from the winPenPack website.
2) Number two is the WinSCP FTP client, which is also a very popular and free program.
This program transfers files from an FTP server to your computer and supports SFTP (SSH File Transfer Protocol) and SCP (Secure Copy) using SSH (Secure Shell).
Its main purpose is to copy files to and from your computer safely.
With WinSCP you can also work on remote files, modifying or deleting them, since there is a built-in editor to open text documents and save them after the changes.
WinSCP has become very popular among users who have a jailbroken iPhone because it provides an easy way to transfer files from iPhone to computer and vice versa.
WinSCP is also available in a portable version, which is useful if you want to always have it on a USB device.
3) If you are looking for alternatives to FileZilla, you can try the following options:
- FTP Rush, very similar but better looking.
- Free FTP
- GoFTP, which claims to be the fastest.
4) The new program that really seems to be the absolute best for FTP file transfer is Cyberduck, born for Mac and now also available for Windows PCs.
Cyberduck is much more than an FTP client: it makes it possible to access and edit files through the most widely used Internet communication protocols.
So it supports not only remote transfers via FTP, SFTP and FTP-SSL, but also via WebDAV and WebDAV SSL, over http or https, to download or upload files from hosting sites on the Internet (if they support it; I already tried with SkyDrive but it does not work).
Cyberduck also allows you to access and manage files stored in Amazon S3, and allows you to upload files from your desktop into Google Docs.
Cyberduck supports drag and drop, imports bookmarks from other FTP clients such as FileZilla, has a sync function and lets you preview files before downloading or doing anything else.
5) If you prefer, you can use an FTP client built into the Firefox browser: download and install the FireFTP add-on, which works very well and is complete.
Google Chrome also has an FTP client as an extension, but it is not at the same level.
Finally, if you have read this far, even if you did not think you needed to install an FTP client, you might find a lot of satisfaction in looking for files of any kind (including MP3 or DivX video) on public FTP servers around the world with anonymous access.
The site that allows you to search for FTP addresses is Oth.net.
Just connect via FTP to the IP addresses found in order to download all the files you want.
If desired, you can also use classic Google, but in this case the search becomes much longer and more laborious.
To break into a private server in a Windows environment and obtain access to its files, a keylogger or password-cracking software using the "brute force" method is generally used, or (in the case of hacking via Wi-Fi) the "man in the middle" technique during the sniffing of data packets.
An interesting technique from this point of view is pass-the-hash, which allows an intruder to authenticate to a remote server using the LM and/or NTLM hashes, a value derived from the very password one would otherwise have to crack. In this way, it eliminates the need to obtain the cleartext password to access the server.
FILE SEARCH QUERIES IN THE BROWSER:
To browse the file directories on your own computer: file:///C:/
To locate other servers on the network: ftp:// (followed by a domain name, a web address, or an IP address).
To locate the files of networks or remote computers, directory scanning techniques are used.
On the net you can find server archives that belonged to the group Anonymous itself. Below I report a list, to give the reader an idea of how a hacked server might typically present itself. Here is a short list:
In Kali Linux and BackTrack (the hacker toolkits par excellence), violating a server involves delivering a "payload". Obviously, anyone who tries to access a server without having the credentials must try to conceal their passage and not get noticed.
The heart of a server is the database. Breaking into a server automatically means being able to violate the database it contains. That is why most hacker attacks are aimed mainly at a server system. The database may contain sensitive and valuable information such as, for example, home banking data, login credentials for online profiles and email boxes, and confidential information of other types. Browsing the Deep Web, it is not difficult to find sites hosting files and violated folders containing sensitive data of both ordinary people and famous people!
SQL is the classic language with which databases are generally configured.
Database hacking operations build on this language, using applications such as sqlmap: https://github.com/sqlmapproject/sqlmap
By default, sqlmap does not obfuscate the payloads it sends, so it is easily detected by any tool that monitors requests made to the web server, such as a web application firewall (WAF) or an IPS. In some cases the problem can be worked around by using techniques implemented in sqlmap through scripts.
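A defender-side sketch of the point above, added here as an example and not taken from the original post or from the sqlmap project: because default sqlmap traffic is sent un-obfuscated, a simple pass over the web server's access log can flag it. The log lines are constructed samples, and the function names and patterns are assumptions chosen for illustration.

```python
import re
from urllib.parse import unquote_plus

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"$')
# sqlmap's default User-Agent has the form: sqlmap/<version> (https://sqlmap.org)
SQLMAP_AGENT = re.compile(r'^sqlmap/', re.I)
# Plain injection syntax as it appears once the query string is URL-decoded.
SQLI_PATTERNS = [
    ("union-select", re.compile(r'\bunion\b.{0,40}\bselect\b', re.I)),
    ("boolean-test", re.compile(r'\b(?:and|or)\s+\d+\s*=\s*\d+', re.I)),
    ("time-delay", re.compile(r'\b(?:sleep|benchmark|pg_sleep)\s*\(', re.I)),
    ("schema-probe", re.compile(r'\binformation_schema\b', re.I)),
]

def classify(line):
    """Return (client_ip, sorted reasons) for one log line, or None if unparsable."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    reasons = set()
    if SQLMAP_AGENT.search(m["agent"]):
        reasons.add("sqlmap-user-agent")
    decoded = unquote_plus(m["target"].partition("?")[2])
    for name, pattern in SQLI_PATTERNS:
        if pattern.search(decoded):
            reasons.add(name)
    return m["ip"], sorted(reasons)

def suspicious_clients(lines):
    """Map client IP -> set of reasons, for clients with at least one hit."""
    hits = {}
    for line in lines:
        result = classify(line)
        if result and result[1]:
            hits.setdefault(result[0], set()).update(result[1])
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /item.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /item.php?id=1%20AND%204821%3D4821 HTTP/1.1" 200 512 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"',
    '203.0.113.9 - - [10/Oct/2023:13:56:02 +0000] "GET /item.php?id=1%20UNION%20ALL%20SELECT%20NULL%2CNULL HTTP/1.1" 200 498 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"',
    '192.0.2.44 - - [10/Oct/2023:13:57:10 +0000] "GET /item.php?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))
```

The fourth sample line carries a browser User-Agent and is caught by the payload pattern alone, which is why the check does not rely on the User-Agent string by itself.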